package org.sao.security.browser;



import javax.sql.DataSource;

import org.sao.security.core.authentication.AbstractChannelSecurityConfig;
import org.sao.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import org.sao.security.core.properties.SecurityConstants;
import org.sao.security.core.properties.SecurityProperties;
import org.sao.security.core.validate.code.ValidateCodeSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.social.security.SpringSocialConfigurer;






@Configuration
public class BrowserSecurityConfig extends AbstractChannelSecurityConfig {

	
	@Autowired
	private SecurityProperties securityProperties;
	
	
	@Autowired
	private DataSource dataSource;
	
	@Autowired
	private UserDetailsService userDetailsService;

	
	@Autowired
	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
	
	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;
	
	@Autowired
	private SpringSocialConfigurer zySocialSecurityConfig;
	
	
	@Autowired
	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;
	
	@Autowired
	private InvalidSessionStrategy invalidSessionStrategy;
	
	
	@Bean
	PersistentTokenRepository persistentTokenRepository(){
		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
		tokenRepository.setDataSource(dataSource);
		//tokenRepository.setCreateTableOnStartup(true);
		return tokenRepository;
	}
	
	
	
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// TODO Auto-generated method stub
		applyPasswordAuthenticationConfig(http);
		
		 http
		.apply(validateCodeSecurityConfig)
		.and()
		.apply(smsCodeAuthenticationSecurityConfig)
		.and()
		.apply(zySocialSecurityConfig)
		.and()
		.rememberMe()
		.tokenRepository(persistentTokenRepository())
		.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
		.userDetailsService(userDetailsService)
		.and()
		.sessionManagement()
		    .invalidSessionStrategy(invalidSessionStrategy)
		    .maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())
		    .maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin())
		    .expiredSessionStrategy(sessionInformationExpiredStrategy)
		    .and()
		    .and()
		    .logout()
		    .logoutSuccessUrl(securityProperties.getBrowser().getLoginPage())
		    .deleteCookies("JSESSIONID")
		    .and()
		    .authorizeRequests()
		    .antMatchers(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL).permitAll()
		    .antMatchers(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE).permitAll()
		    .antMatchers(SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX+"/*").permitAll()
		    .antMatchers(securityProperties.getBrowser().getLoginPage()).permitAll()
		    .antMatchers(securityProperties.getBrowser().getSession().getSessionInvalidUrl()+".json").permitAll()
		    .antMatchers(securityProperties.getBrowser().getSession().getSessionInvalidUrl()+".html").permitAll()
		    .anyRequest()
		    .authenticated()
		    .and()
		    .csrf().disable();
	}

}
